As companies evolve their remote and hybrid work models, technology risk management is no longer optional. To innovate and grow in distributed settings, companies must cultivate data transparency, informed decision-making, and an “all-for-one, one-for-all” approach to risk.
Amid the talent crisis, technology risk management is opening doors for companies to expand geographically and hire people anywhere in the world. This requires leaders to rethink how to manage people, data, devices, and vendors. With Cybersecurity Awareness Month encouraging us to “See Yourself in Cyber,” a shift is in order.
At NewRocket, we’re proud to have a remote-first company culture that allows us to work with people worldwide. Our risk-aware culture is a huge part of what makes that work.
What are the risks?
Before looking at how to reduce risk within the workplace, it’s important to understand where it originates. Here are three of the most common areas you might find added risk.
Employees manage remote work differently than in-office work. They might read email via a personal cell phone, access client documents through an external Google account, or export a Zoom call recording to a tablet for later review.
An employee may not intend to compromise company data, but it’s still a major cause for concern. In fact, 82% of data breaches result from human error.
Remote work would be impossible without integrated software systems for video calls, live chat, data storage, and more. But as company leaders add more external vendors, they invite more risk into their organization.
Legal and compliance leaders have identified third-party vendors as a top threat to company assets. Gartner found that 83% of executives reported third-party risks were discovered after initial onboarding and due diligence.
When employees move on, what happens to their devices? What about their email accounts and system login information?
Without firm protocols to regularly update passwords, close accounts, and collect devices, the departure of an employee can lead to data leaks and unauthorized changes to company assets.
How to build a risk-aware company culture
Though you’ll likely never be able to eliminate risk entirely, you can take proactive steps to minimize its impact. Through a combination of tools and processes — and the right mindset — you’ll be set up for long-term success.
Create a risk-positive culture
A company that understands the importance of risk management and creates an environment that celebrates finding opportunities to improve the organization will not be afraid to speak up and point out weaknesses that could open your organization to threats.
Too often, we see haranguing and finger-pointing when a problem is found. That only leads to frustrated and intimidated employees. Risk management must be considered and implemented as an enabler of your business, not as a disabler of your employees’ daily lives.
Streamline your tech
The more cohesive, the better. Risk management dashboards are powerful tools to build data transparency, win executive buy-in, automate processes, and get information to the right decision-makers.
Centralized risk management tools and insights equip employees to develop an understanding of the company’s risk management strategy and the role each employee plays in it. These tools also improve visibility into real-time compliance and enable fine-grained business impact analysis to appropriately prioritize and respond to risks.
With full risk visibility across departments, employees will find more – and better – opportunities to build expertise and contribute to the company’s risk-aware culture.
Always be monitoring
Trouble comes when you least expect it, so don’t wait. You’ll run into fewer issues when you proactively monitor, detect, assess, mitigate and remediate risks across internal and external ecosystems.
Don’t overwhelm employees if you want to keep them invested in the company’s risk management strategy. For continuous monitoring, look for opportunities to automate repetitive processes, freeing time for employees to dial into more fulfilling and impactful tasks.
Ongoing risk monitoring also empowers companies to measure the efficacy of risk responses, glean actionable insights and identify trigger conditions before a problem occurs. No risk management strategy is complete without monitoring.
Keep detailed records of assets
Company assets should be tracked, indexed and updated regularly to minimize risk, from employee laptops and cell phones to data and supply chains. With the rise of remote work, tracking assets has become even more complicated, so it’s important to use integrated tools to keep tabs on physical and intellectual property.
Companies can use records for a variety of risk management purposes, such as to prove compliance, avoid penalties, inform business decisions and keep assets secure. Records can also be used to track usage trends and implement systems for asset management. With company-specific standards in place, employees are better prepared to use assets wisely.
Tap department leaders for consistent communication
In distributed workforces, it can’t simply fall on one person to promote a company’s risk-aware culture. Organizations must look for ways to get the whole team on board with proactive risk management and ensure they understand it’s the entire team’s responsibility.
To take risk awareness company-wide, let department heads be the experts on risk management for their direct reports. Encourage them to lead by example, frequently remind team members of role-specific best practices, and provide updates on new standards and insights.
This communication must be consistent. If employees hear something once, they’ll likely forget about it — even unintentionally. But when risk awareness is baked into the company culture, that leads to significantly better results.
With a full-team focus on identifying and mitigating risk, your company will be well prepared to thrive in a remote work setting.
Melissa is a seasoned security strategist, technologist, and innovator. Feel free to connect with Melissa on LinkedIn.